Re: Client says Can't contact LDAP server, but it can!

--On Thursday, July 24, 2008 4:13 PM -0700 John Oliver <joliver@john-oliver.net> wrote:

On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:


Any client will need to know about the CA that signed your self-signed
cert.


I created my certificate with:

openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout
/etc/openldap/ssl/ldap.pem -days 3650

In slapd.conf I have:

TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

What do I need to do differently?


Create your own CA first?  Then sign your own certs with it.

<http://www.tc.umn.edu/~brams006/selfsign.html>

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Client says Can't contact LDAP server, but it can!
  - From: John Oliver <joliver@john-oliver.net>

References:
- Client says Can't contact LDAP server, but it can!
  - From: John Oliver <joliver@john-oliver.net>
- Re: Client says Can't contact LDAP server, but it can!
  - From: "Sean Burford" <unix.gurus@gmail.com>
- Re: Client says Can't contact LDAP server, but it can!
  - From: Howard Chu <hyc@symas.com>
- Re: Client says Can't contact LDAP server, but it can!
  - From: John Oliver <joliver@john-oliver.net>
- Re: Client says Can't contact LDAP server, but it can!
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Client says Can't contact LDAP server, but it can!
  - From: John Oliver <joliver@john-oliver.net>